If you access a third-party website mentioned in this guide, then you do so at your own risk. Macromedia provides these links only as a convenience, and the inclusion of the link does not imply that Macromedia endorses or accepts any responsibility for the content on those third-party sites.
Flash 8. Developers create these applications using ActionScript, a scripting language based on the same standard used by the JavaScript language. Flash Media Server communicates with Macromedia Flash Player using the Real-Time Messaging Protocol (RTMP), an unencrypted TCP/IP protocol designed for high-speed transmission of audio, video, and data messages.
CD or can be downloaded from the Macromedia website. To view the help, open the Welcome page (in Windows, Start > Programs > Macromedia > Flash Media Server > Welcome) or in Flash 8, select Help > Using Flash and then select a Flash Media Server topic from the Table of Contents.
Therefore, there may be discrepancies between the final implementation of the product’s features and how they are documented in this manual. For a list of known discrepancies, see the documentation update (www.macromedia.com/go/flashmediaserver_documentation_update_en) in the Flash Support Center (www.macromedia.com/go/flashmediaserver_support_en).
As a Flash Media Server administrator, you’ll need to perform several administrative tasks after the server is installed. This chapter describes how Macromedia Flash Media Server is configured when you first install it, how to set up additional administrators, and how to monitor the server’s activity.
You can configure Flash Media Server 2 as an origin or edge server, configure adaptors and virtual hosts and change the location of the applications directory by editing the server’s configuration files and creating directories in the server’s conf directory. For more information, see Chapter 2, “Deploying Flash Media Server.”...
To edit the <AppsDir> tag in the Vhost.xml file: Locate the Vhost.xml file for the virtual host you are working with. Open the file in a text editor. Replace the path inside the tag with the path of your choice, such as C:\Server AppsDir Files\applications.
“Using the management console” on page Use the Windows Services control panel. To start or stop the server: In the Start menu, select Programs > Macromedia > Flash Media Server 2> Start Service or Stop Service. To stop the server in the Services control panel: In the Windows Start menu, select Settings >...
In the Services list, scroll down and select Flash Media Server. Click the Stop button at the top of the control panel. The server shuts down. To restart the server in the Services control panel: Open the Services control panel. Select Flash Media Server.
Objects tab and selects the shared object. The management console displays the object's data properties in the adjoining window. The management console is a Flash application (fmsconsole.swf) that Macromedia created with public APIs (application programming interfaces). When you install Flash Media Server 2 on Windows or Linux systems, the installer places fmsconsole.html in the Flash Media...
Macintosh operating systems. To connect to the management console: In Windows, from the Windows Start menu, select Programs > Macromedia > Flash Media Server > Console. In Linux, open the fmsconsole.html file in a web browser on a computer where Flash Player is installed.
Enter the name and address of the server or virtual host you want to connect to. You can enter localhost, which will refer to the computer that the management console is running on. If you are connecting remotely by running the management console on another computer, enter the server’s name (FMS.myCompany.com) or the IP address and port number of the server you want to connect to (12.34.56.78:1112).
Setting the refresh rate The management console provides live performance data on the server. You can use the Refresh Rate pop-up menu to control how often the information displayed on the management console is updated. The default rate is five seconds. You can also use the pop-up menu to pause refreshing the information.
A user debugging another application now desires to see the contents of a shared object that they have implemented in their application. Specifically they would like to examine the properties in this shared object. Now the user logs into the management console and selects their application.
Creating a new application instance In the View Applications section of the management console, you can create a new application instance by selecting the New Instance button. This action creates a new application instance within the application list. The management console adds a default instance suffix _definst_, which can be edited.
Viewing the Live [Application] log file Each application creates an associated log file. The Live [Application] log pane displays the log messages. The application administrator can use the Find box on the bottom margin of the pane to search for partial strings in the log messages. Pressing the Clear Log button clears the log view. Managing the Server...
Viewing active clients This pane lists all client connections including debugging connections to the selected application. The management console displays the following information for each client:
Client ID
Connection protocol
Number of bytes in the connection request and the information returned
Connection time
Number of messages in and out of the application
Dropped messages...
Viewing active shared objects This pane lists the active shared objects for an application. The management console displays their name, type (persistent or volatile), and connections (number of users subscribed to this shared object). Select a shared object to view its data values. The information on this pane is helpful when debugging the application.
Viewing active streams This pane lists all the active streams in the selected application. The management console displays their names and type. Select a stream to view its properties. To play back a stream, select it and click the Play Stream button on the bottom margin of the pane.
Viewing application performance This pane displays the live information for this application. Application and server administrators can review the following data: Client information: total number of clients, how many connections are active, how many connection requests were rejected. Life span of the application: indicating the time the application was started and how long it has been running continuously.
Managing the administrative users In this section of the management console you control Flash Media Server users with administrative permissions. You can perform the following actions: Add new server and virtual host administrators. Delete administrators. Reset administrators’ passwords. The Users pane occupies the left side of the Manage Users section of the management console.
Managing the servers The Server pane occupies the left side of the Manage Server section of the management console. This pane lists the servers and virtual hosts that the administrator can access and manage. This pane allows the administrator to select an individual server or a group of servers for viewing information.
Clicking one of the buttons lets the administrator perform one of the following administrative actions on a selected server: Add a server to the administrator’s list. Edit the login information for a server. Delete a server on the administrator’s list. You will also find a series of buttons displayed along the base of this pane: Clicking the buttons lets the administrator perform the following administrative actions on a selected server or virtual host:...
Clicking the buttons lets the administrator perform the following actions: Review the performance statistics for the computer where the applications are running. Review detailed information on the connections to the server. Review detailed information about the applications located on the server or virtual host. Review the server’s license keys and files.
Viewing connection details This pane lists all client connections to the selected server. The management console displays the following information for each client accessing the server or virtual host: Client ID. Connection protocol. Number of bytes in the connection request and the information returned. Connection time.
Viewing application details This pane displays detailed information for all the applications running on the selected server or virtual host. This panel displays current information about the application instances that are running on the server. The name of each application is displayed, along with the number of instances of the application that have been loaded on or unloaded from the server, the number of users that are connected, and the total number of connections that have been accepted and rejected for each application.
Viewing license files This pane displays detailed information for all license files authorizing you to run Flash Media Server on the selected server or virtual host. On this panel the management console displays the detailed information for your Flash Media Server license.
Viewing the server log file This panel displays the trace messages being recorded in the server log file. The log messages report errors as well as normal operations. The server administrator can use the Find box on the bottom margin of the pane to search for partial strings in the log messages.
Access log file Flash Media Server 2 maintains an access log that includes statistics about client connections and stream activity. Flash Media Server 2 also maintains application logs for application activities and application logs for diagnostic logs. The application and diagnostic logs are an addition to operating system logs that log error and informational messages about Flash Media Server 2 operations.
Event  Category  Description
pause  application  Client pauses playing a stream.
unpause  application  Client resumes playing a stream.
seek  application  Client jumps to a new location within a recorded stream.
stop  application  Client stops playing a recorded or live stream or stops publishing a live stream.
Field  Event(s)  Description
x-appinst  application  Application instance names.
c-ip  application  Client IP address.
c-proto  application  Connection protocol: RTMP or RTMPT.
s-uri  application  URI of the Flash Media Server 2 application.
c-referrer  application  URI of the referrer.
c-user-agent  application  User agent.
c-client-id  application  Client ID.
Field  Event(s)  Description
x-sname-query  application  Query portion of stream URI specified in play or publish.
x-file-name  application  Full path of the file representing x-sname stream.
x-file-ext  application  Stream type (currently this can be flv or mp3).
s-ip  application  IP address or addresses of the server.
x-duration  application  Duration of a stream or session event.
Field  Status Code  Description
play
  Successful.
  Bad request (invalid arguments).
  Access denied by application.
  Play forbidden by stream module.
  Stream not found.
  Unsupported media type.
  Server internal error.
publish
  Successful.
  Bad request (invalid arguments).
  Access denied by application.
  Stream is already being published.
  Unsupported media type.
Field  Event(s)  Description
x-pid  Server process ID.
x-status  Status code: the code is a 10-character string that represents the severity, category and message ID. The first 3 characters represent severity. This is always in a letter format. The letters are as follows:
  (w) = warning
  (e) = error
  (i) = information...
The following table lists the fields in the diagnostic logs.
Field  Event(s)  Description
date  Date on which the event occurred.
time  Time at which event occurred.
x-pid  Server process ID.
x-status  Status code: the code is a 10-character string that represents the severity, category and message ID.
Category  Description
Javascript
TCApplication
TCConnector
Admin
SharedObject
Configuration
VirtualHost
The following table lists the status message IDs in the diagnostic logs. Flash Media Server 2 uses the symbols %1$S, %2$S and %3$S as substitution strings in the status messages.
Message ID  Description
1000  Received termination signal;...
Message ID  Description
1018  The call method failed, invalid parameters: call(methodName[, resultObj, p1, pn]).
1019  Dropping application (%1$S) message. Clients not allowed to broadcast message.
1020  Response object not found (%1$S).
1021  Missing unlock for shared object %1$S, lock count %2$S.
1022  Nested lock for shared object %1$S, lock count %2$S.
Message ID  Description
1046  Reserved property (%1$S).
1047  Admin request received from an invalid admin server.
1048  Administrator login failed for user %1$S.
1049  Failed to start server.
1050  Write access denied for shared object %1$S.
1051  Read access denied for shared object %1$S.
1052  Write access denied for stream %1$S.
Message ID  Description
1074  Stopped recording %1$S.
1075  Stream %1$S has been idling for %2$S second(s).
1076  Playing and resetting %1$S.
1077  Pausing %1$S.
1078  Unpausing %1$S.
1079  Started playing %1$S.
1080  Stopped playing %1$S.
1081  Recording %1$S.
1082  Failed to record %1$S.
1083  New NetStream created (stream ID: %1$S).
Message ID  Description
1104  Invalid method name (%1$S).
1105  (%2$S, %3$S): Invalid application name (%1$S).
1106  Connection succeeded.
1107  Connection failed.
1108  Invalid shared object (%1$S).
1109  Unknown exception caught in %1$S.
1110  Invalid stream name (%1$S).
1111  Server started (%1$S).
1112  JavaScript runtime is out of memory;...
Message ID  Description
1131  (%2$S, %3$S): Resource limit violation. Unable to load new application: %1$S.
1132  (%2$S, %3$S): Resource limit violation. Unable to create new application instance: %1$S.
1133  (%2$S, %3$S): Resource limit violation. Rejecting connection to: %1$S.
1134  Failed to load admin application.
1135  Preload application aborted.
Message ID  Description
1157  (%2$S, %3$S/%1$S): Current server bandwidth usage exceeds license limit set. Rejecting connection.
1158  (%2$S, %3$S/%1$S): Current virtual host bandwidth usage exceeds max limit set. Rejecting connection.
1159  Multiprocessor support available only in enterprise edition.
1160  Trial run expires Server shutting down.
1161  License key has expired.
Message ID  Description
1184  Invalid cryptographic accelerator: %1$S.
1185  Failed to initialize cryptographic accelerator: %1$S.
1186  Failed to seed the pseudo-random number generator.
1187  Application directory does not exist: %1$S
1188  Using default application directory: %1$S
1189  Application instance is not loaded: %1$S
1190  Error: command message sent before client connection has been accepted.
Message ID  Description
1207  Shared object %1$S has changed and is not being saved as auto commit is set to false. Current version %2$S, Last saved version %3$S.
1208  %1$S failed. Invalid argument %2$S.
1209  File operation %1$S failed. %2$S
1210  File operation %1$S failed.
Message ID  Description
1235  Core (%1$S) connection to admin failed.
1236  Core (%1$S) received close command from admin.
1237  Starting admin app on core (%1$S).
1238  Core (%1$S) connecting to admin.
1239  Core (%1$S): Failed to initiate connection to admin.
1240  Core (%1$S) shutdown failed.
Configuring logging Flash Media Server logging is configured through the Server.xml and Logger.xml configuration files. Server.xml contains a Logging section that controls the overall logging behavior. This section includes an Enable tag that determines whether logging takes place, and a Scope tag that determines whether Flash Media Server writes separate log files for each virtual host or one file for the entire server.
For a more complete listing of all tags, see “Logger.xml file” on page 134. Logger.xml file example The Logger.xml file contains the following XML:
<Logger>
  <Access>
    <!-- Directory in which log files will be placed. By default -->
    <!-- they are placed in logs/ in the server installation directory. -->
    <Directory>${LOGGER.LOGDIR}</Directory>...
<!-- 25. x-spos Stream position -->
<!-- 26. cs-stream-bytes Stream bytes transferred client to server -->
<!-- 27. sc-stream-bytes Stream bytes transferred server to client -->
<!-- 28. s-ip IP address(es) of the server -->
<!-- 29. x-duration Duration of an event/session -->
<!-- 30.
<QuoteFields>disable</QuoteFields>
<!-- This is an optional flag to control if the fields need to be -->
<!-- escaped when unsafe characters are found in the fields. It can -->
<!-- be set to enable or disable. By default, it is set to enable. -->
<!-- Based on rfc1738, unsafe characters are space, <, >, ", #, %, {,},-->...
XML files. For detailed information about using these ActionScript commands, see the Flash Support Center at www.macromedia.com/ support/flash/. Logging client connections and other system events...
Managing Flash Media Server on Linux On all supported Linux platforms, Flash Media Server 2 is installed as a service and includes a command-line utility, the fmsmgr utility, to perform certain administration tasks. You must be a root user to install the server and manage it using the fmsmgr utility; for more information, see “Using the fmsmgr utility”...
The following table describes the commands for the fmsmgr utility.
Command  Description
fmsmgr server adminserver start|stop|abort|restart  Starts, stops, restarts, or aborts the Flash Admin Service.
fmsmgr server clearautostart  Sets the Flash Admin Service to be started manually. This command affects only the server service; Admin services cannot be started automatically.
Command  Description
fmsmgr setadmin service_name  Changes the default Admin service. service_name is the name of the server you selected during installation. The Admin service name is the same as the Flash Media Server 2 service name. Any installed Admin service can be used to administer one or more servers.
CHAPTER 2 Deploying Flash Media Server This chapter describes the various strategies for deploying Macromedia Flash Media Server 2, including the use of edge and origin servers. Flash Media Server has been designed to accommodate many types of media applications.
Configuration for development and testing While developing and testing your applications, you may choose to install a web server, Flash Media Server, and Flash on the same computer. The web root directory in this scenario would contain all the Flash Media Server elements of your applications, such as its FLA, SWF, HTML, script, stream, and shared object files.
Deploying on two computers with authentication through Flash Media Server Some scenarios may require authentication of users who want to access information on an application server. In this case you may want to use a separate computer for Flash Media Server, and another for the web server and application server.
This XML tag specifies that Flash Media Server will listen on any interface on ports 1935, 80, and 443, where 443 is designated as a secure port that will receive only RTMPS connections. An RTMPS connection attempt to ports 1935 or 80 will fail: the client will attempt to perform an SSL handshake that the server will fail to complete.
Creating multiple certificates for an adaptor You can configure Flash Media Server to return multiple certificates on a given adaptor by configuring a certificate for each edge server: Configure each HostPort tag in the Adaptor.xml file with a name attribute. Configure each HostPort tag to return its own certificate by specifying an tag under...
Configuring independent virtual hosts for SSL application You can configure the different virtual hosts in Flash Media Server to manage its remote SSL connections independently. For example, you can disable certificate checking in one virtual host, use a different certificate in another store for its trusted root Certificate Authority (CA) certificates, and implement a different set of ciphers in a third virtual host.
The default directory structure installed with the server looks like this: The directory structure includes three subdirectories: conf, _defaultRoot_, and _defaultVHost_. The conf subdirectory, at the top of the hierarchy, holds the configuration files for the server and the fms.ini file. This subdirectory contains the following: The Server.xml file This file contains settings that relate to the server only.
If there is a second adaptor, it has its own subdirectory at the same level as the _defaultRoot_ subdirectory. The _defaultVHost_ subdirectory is the default virtual host subdirectory for the adaptor. It contains the Application.xml file, which contains default settings for the client applications that will connect to the server;...
Each adaptor directory must contain a _defaultVHost_ directory. Adding adaptors and virtual hosts To add an adaptor to the server, you must add a complete adaptor directory structure to the server’s conf directory. Each adaptor directory must contain an Adaptor.xml file and at least one virtual host directory, called _defaultVHost_.
A typical customized server conf directory might look like this:
conf
  Server.xml
  Users.xml
  Logger.xml
  fms.ini
  _defaultRoot_
    Adaptor.xml
    _defaultVHost_
      applications
        admin
    www.macromedia.com
      applications
        testApplication
        videoConference
  Adaptor2
    _defaultVhost_
    www.StreamingVideo.com
      applications
        AnotherTestAppli
        WhiteBoard
A customized conf directory containing multiple adaptors and application subdirectories and...
Adaptor2 subdirectory. The _defaultRoot_ subdirectory contains the Adaptor.xml file and the _defaultVHost_ subdirectory and another virtual host subdirectory named www.macromedia.com. Each of these virtual host subdirectories contains an application subdirectory. The application subdirectory for www.macromedia.com contains directories for the applications testApplication and videoConference.
For example, the following URL passes a ping command to the server:
http://myFlashMediaServer:1111/admin/ping?auser=somename&apswd=somepassword
The server sends the results back to the browser in XML format.
<?xml version="1.0" encoding="utf-8" ?>
<result>
  <level>error</level>
  <code>Admin.Server.Disconnect</code>
  <timestamp>10/22/2003 05:31:01 PM</timestamp>
  <description>FMS server down.</description>
</result>
For example, the following URL sends a getVhostStats command to the server:
http://myFlashMediaServer:1111/admin/...
The following is the XML result:
<?xml version="1.0" encoding="utf-8" ?>
<result>
  <level>status</level>
  <code>NetConnection.Call.Success</code>
  <timestamp>10/22/2003 05:31:01 PM</timestamp>
  <data>
    <allocated>8588</allocated>
    <reused>6603</reused>
    <size>641100</size>
    <thread_count>10</thread_count>
    <units>
      <global_size>1434</global_size>
      <thread_size>703</thread_size>
      <size>2137</size>
      <reused>6603</reused>
      <allocated>8588</allocated>
      <released>2</released>
      <reallocated>6158</reallocated>
      <bulk_allocated>69</bulk_allocated>
      <bulk_released>1503</bulk_released>
      <huge_allocated>3</huge_allocated>
      <huge_released>2</huge_released>
    </units>
    <bytes>
      <global_size>430200</global_size>
      <thread_size>210900</thread_size>
      <size>641100</size>
      <reused>1980900</reused>
      <allocated>14068504</allocated>
      <released>1618633</released>...
Field name  Description
huge_allocated  Total number of huge (greater than 16K) messages allocated.
huge_released  Total number of huge messages released, in bytes.
reallocated  Total number of messages that have been reallocated.
released  Total number of messages released back to the heap.
Total number of messages reused....
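The admin URLs shown above carry the administrator name and password (auser, apswd) in the query string, so they end up wherever URLs are recorded: proxy logs, web server logs, browser history. The following Python is an added example, not code from the manual or from Macromedia: it finds such URLs in log lines, redacts the password, and parses the XML result format shown above. The proxy log lines and the second host name are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

SENSITIVE_PARAMS = {"apswd"}          # password parameter from the manual's URL
URL_RE = re.compile(r"https?://[^\s\"'<>]+")

# Constructed proxy log lines (not from the manual).
CONSTRUCTED_PROXY_LOG = [
    '10.0.0.5 - - [22/Oct/2003:17:31:01] "GET http://myFlashMediaServer:1111'
    '/admin/ping?auser=somename&apswd=somepassword HTTP/1.1" 200 212',
    '10.0.0.7 - - [22/Oct/2003:17:31:09] "GET http://intranet.example.test'
    '/index.html HTTP/1.1" 200 5120',
    '10.0.0.9 - - [22/Oct/2003:17:32:40] "GET http://fms.example.test:1111'
    '/admin/ping?auser=ops&apswd=hunter2 HTTP/1.1" 200 212',
]

# The error result printed in the manual.
SAMPLE_RESULT = """<?xml version="1.0" encoding="utf-8" ?>
<result>
  <level>error</level>
  <code>Admin.Server.Disconnect</code>
  <timestamp>10/22/2003 05:31:01 PM</timestamp>
  <description>FMS server down.</description>
</result>"""


def redact_admin_url(url):
    """Return the URL with the value of every sensitive parameter replaced."""
    parts = urlsplit(url)
    query = [(k, "REDACTED" if k.lower() in SENSITIVE_PARAMS else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(query)))


def find_exposed_admin_calls(log_lines):
    """Report every admin URL in the log lines that carries an apswd value."""
    hits = []
    for lineno, line in enumerate(log_lines, 1):
        for url in URL_RE.findall(line):
            parts = urlsplit(url)
            params = dict(parse_qsl(parts.query, keep_blank_values=True))
            if "/admin/" in parts.path and "apswd" in params:
                hits.append({
                    "line": lineno,
                    "host": parts.netloc,
                    "command": parts.path.rsplit("/", 1)[-1],
                    "user": params.get("auser", ""),
                    "redacted": redact_admin_url(url),  # safe to store or alert on
                })
    return hits


def parse_admin_result(xml_text):
    """Parse the <result> document the server returns for an admin command."""
    root = ET.fromstring(xml_text.strip())
    if root.tag != "result":
        raise ValueError("not an admin result document")
    fields = ("level", "code", "timestamp", "description")
    return {name: (root.findtext(name) or "").strip() for name in fields}


def result_is_error(result):
    """True when the parsed result reports level 'error'."""
    return result["level"] == "error"


if __name__ == "__main__":
    for hit in find_exposed_admin_calls(CONSTRUCTED_PROXY_LOG):
        print(hit["line"], hit["host"], hit["command"], hit["user"], hit["redacted"])
    print(parse_admin_result(SAMPLE_RESULT))
```

Any account reported by find_exposed_admin_calls should have its password reset, since the value has already been written to the log.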
Symbolic text substitutions Flash Media Server supports the use of symbolic text substitutions in all tags in the server’s XML configuration files. When you specify a symbol in any configuration tag, Flash Media Server will substitute the string you have mapped to that symbol when it reads the configuration file.
Once you have defined such a mapping, you can use the symbol in one of the XML configuration files. To use a symbol in place of a normal string in a configuration file, specify the symbol name, with the characters ${ before the symbol name, and } after the symbol name.
Mapping environment variables You can also specify symbols that resolve to environment variables. To refer to an environment variable in one of the XML configuration files, use the name of the environment variable within percent (%) characters. The % characters indicate to the server that the symbol refers to an environment variable, and not to a user-defined string.
Building the symbol map You may use a symbol anywhere, such as in the substitution.xml file, or any of the external configuration files, as long as it has been defined before the server encounters it. The server builds the symbol map in the following order: The predefined symbols are evaluated first.
For example, given the previous XML fragment, the following trace() statements are valid:
trace("I am " + application.config.user_name + " and I work in the " + application.config.dept_name + " department.");
trace("I am " + application.config["user_name"] + " and I work in the " + application.config["dept_name"] + "...
Macromedia Flash Media Server 2 accommodates a wide range of applications. After installation, the server’s configuration files contain generic settings. As you develop and test your applications, you will use these files to configure the server to best suit these applications.
Server.xml file The Server.xml file is located at the root level of the conf directory and contains the tags and information used to configure Flash Media Server 2. You can edit the Server.xml file to add or remove configuration information. The Server.xml file contains the following tag structure.
        <MaxAge>1000000</MaxAge>
        <UpdateInterval>1024</UpdateInterval>
        <FreeMemRatio>0.5</FreeMemRatio>
      </LargeMemPool>
      <SegmentsPool>
        <MaxCacheUnits>4096</MaxCacheUnits>
        <MaxCacheSize>100</MaxCacheSize>
        <MaxUnitSize>16</MaxUnitSize>
        <FreeRatio>0.125</FreeRatio>
        <GlobalRatio>0.4</GlobalRatio>
        <MaxAge>1000000</MaxAge>
        <UpdateInterval>1024</UpdateInterval>
        <FreeMemRatio>0.5</FreeMemRatio>
      </SegmentsPool>
      <Master>
        <CoreGC>300</CoreGC>
        <CoreExitDelay>20</CoreExitDelay>
      </Master>
    </ResourceLimits>
    <Logging>
      <Time>local</Time>
      <Access>
        <Enable>true</Enable>
        <Scope>server</Scope>
      </Access>
      <Diagnostic>
        <Enable>true</Enable>
      </Diagnostic>
      <Application>
        <Enable>true</Enable>
      </Application>
    </Logging>
    </HttpProxy>
    <LocalHost>127.0.0.1</LocalHost>
  </Server>
  <ServerDomain></ServerDomain>
</Root>
Summary of Server.xml tags This table lists alphabetically the tags in the Flash Media Server Server.xml configuration file.
Server.xml tag  Description
Admin  Container tag; contains the tags that configure the RTMP protocols for the FMSAdmin.exe process.
AdminServer  Container tag; contains tags to configure the Flash Media Admin Service.
Allow  Specifies which automatic proxy discovery messages Flash Media Server responds to.
AllowZones  Specifies which clients this proxy server will respond to with the Autodiscovery message.
Server.xml tag  Description
Deny  Specifies which automatic proxy discovery messages not to respond to.
Diagnostic  Container tag; contains tag to enable the diagnostic log file.
ECCP  Container tag; contains tags to configure the edge core communication protocol.
Edge  Container tag; contains tags to configure the RTMP protocol for FMSEdge.exe process.
Server.xml tag  Description
LargeMemPool  Container tag; contains tags to configure the large memory pool.
LocalHost  Specifies the Flash Media Server IP loopback address.
Logging  Container tag; contains tags to perform the overall logging configuration.
Mask  Contains a three-digit octal value used by the Linux umask (user permissions mask) command to set a file creation mask.
Server.xml tag  Description
MyZone  Specifies the zone that the edge server belongs to when it broadcasts FPAD messages.
NumCRThreads  Specifies the number of completion routine threads for edge server I/O processing on Windows 32-byte systems.
Order  Specifies whether the Allow or Deny tag is evaluated first.
Process  Container tag: contains the ID tags for all server processes...
Server.xml tag  Description
SocketOverflowBuckets  Specifies the number of overflow buckets if all slots in socket table are in use.
SocketTableSize  Specifies the size of the direct access socket table for quick lookup.
Container tag; contains tags to configure Flash Media Server as an SSL-enabled client for secure communications.
Description of Server.xml tags The following alphabetical list of Server.xml tags contains additional information, including cross references to associated tags, syntax, and examples.
Access
Container tag.
Description The tags nested within the Access container configure the Access log settings.
Contained tags: Enable (Access), Scope
ACCP...
<Allow>x.foo.com, foo.com, 10.60.1.133, 10.60</Allow>
<Allow>all</Allow>
These examples list the computers sending requests that Flash Media Server will process. Macromedia does not recommend the use of “all” as an attribute. It creates an opportunity for a security risk.
See also Deny...
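The Allow guidance above and the Logging Enable tags described earlier can both be checked mechanically. The following Python is an added example, not Macromedia's code: it audits a Server.xml document for the "all" keyword in any Allow tag and for Access, Diagnostic or Application logging that is not enabled. The sample document is constructed; the nesting of AutoDiscovery under Server, the case-insensitive match on "all", and the reading of a partial IP address as a prefix match are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed Server.xml fragment (not from the manual). Tag names come from
# the page; where AutoDiscovery sits in the tree is assumed, so the audit
# below searches by tag name and does not depend on it.
SAMPLE_SERVER_XML = """\
<Root>
  <Server>
    <AutoDiscovery>
      <Enable>true</Enable>
      <Allow>x.foo.com, foo.com, 10.60.1.133, 10.60, ALL</Allow>
      <Deny></Deny>
    </AutoDiscovery>
    <Logging>
      <Access><Enable>false</Enable><Scope>server</Scope></Access>
      <Diagnostic><Enable>true</Enable></Diagnostic>
      <Application><Enable>true</Enable></Application>
    </Logging>
  </Server>
</Root>
"""

LOG_SECTIONS = ("Access", "Diagnostic", "Application")


def split_entries(text):
    """Split a comma-delimited Allow/Deny value into trimmed, non-empty entries."""
    return [e.strip() for e in (text or "").split(",") if e.strip()]


def is_partial_ipv4(entry):
    """True for a dotted-decimal prefix with fewer than four octets, e.g. 10.60."""
    parts = entry.rstrip(".").split(".")
    return 0 < len(parts) < 4 and all(p.isdigit() and int(p) <= 255 for p in parts)


def audit_server_xml(xml_text):
    """Return a list of (severity, location, message) findings."""
    root = ET.fromstring(xml_text)
    findings = []

    # Allow lists: the manual advises against the keyword "all".
    for allow in root.iter("Allow"):
        for entry in split_entries(allow.text):
            if entry.lower() == "all":  # case-insensitive match is an assumption
                findings.append(("high", "Allow",
                                 "keyword 'all' accepts requests from every sender"))
            elif is_partial_ipv4(entry):
                # Assumption: a partial address matches every address that
                # starts with those octets.
                findings.append(("info", "Allow",
                                 f"partial address {entry} covers a whole range"))

    # Logging: each of the three logs has its own Enable tag.
    for logging in root.iter("Logging"):
        for section in LOG_SECTIONS:
            node = logging.find(f"{section}/Enable")
            if node is None:
                findings.append(("medium", f"Logging/{section}",
                                 "no Enable tag found for this log"))
            elif (node.text or "").strip().lower() != "true":
                findings.append(("medium", f"Logging/{section}/Enable",
                                 f"{section} log is not enabled"))
    return findings


if __name__ == "__main__":
    for severity, location, message in audit_server_xml(SAMPLE_SERVER_XML):
        print(f"[{severity}] {location}: {message}")
```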
Description This tag is a comma-delimited list of zones that the sole origin server or the edge servers in a cluster will service. While the Allow and Deny tags restrict access based on IP address or host name, the AllowZones tag allows access based on the zone where the client is located. A zone is a number, and a client is assigned as belonging to a particular zone by setting the property in the...
Description The tags nested within the AutoDiscovery container set up and configure a single, or a cluster of, edge or proxy servers.
Contained tags: Allow, AllowZones, BindInfo, BroadcastAddress, BroadcastPort, ClusterMonitorInterval, Deny, Enable (AutoDiscovery), MyZone, Order, ProxyInfo, SecureProxyInfo
BindInfo
This tag identifies the IP and port number that Flash Media Server listens on for proxy autodiscovery messages.
DHCP is a protocol for assigning dynamic IP addresses to devices on a network. DHCP supports a mix of static and dynamic IP addresses. ClusterMonitorInterval This tag specifies in seconds how often to check for stale edges. Description Stale edges are those edges that have not sent the FADP a keep-alive message within the specified time limit.
See also containers: ACCP, Admin, ECCP, Edge, HTTP, RTMP (Protocol)
CoreGC
This tag specifies how often to check for and remove idle or unused cores.
Description The default is 300 seconds.
CoreTimeout
This tag specifies the timeout value for detecting unresponsive cores.
Description The default timeout is 30 seconds.
Deny
This tag specifies which automatic proxy discovery messages Flash Media Server does not respond to.
Description This tag is a comma-delimited list of host names, domain names, and full or partial IP address, as well as the keyword . This tag works in conjunction with the Allow and Order tags to determine which automatic proxy discovery messages Flash Media Server responds to.
Contained tags: MinIOThreads, MaxIOThreads, SocketOverflowBuckets, SocketTableSize
See also containers: ACCP, Admin, Core, ECCP, HTTP, RTMP (Protocol)
EdgeCore
Container tag.
Description The tags nested within the EdgeCore container control the IPC (interprocess communication) message queue used by edge and core processes to communicate with each other.
Enable (AutoDiscovery)
Server.xml uses four tags named Enable: the Enable tag in the AutoDiscovery container and Enable tags in the Access, Application, and Diagnostic subdirectories in the Logging container.
Description This tag enables or disables the Flash Media Server automatic proxy discovery process. A value enables the process;...
Page 104
See also FreeRatio FreeRatio Located in the LargeMemPool, MessageCache, SegmentsPool, and SmallMemPool containers. Description This tag specifies the percentage of the message cache to be consumed by the free list on a per-thread basis. The range of this setting lies between 0 (0 percent) and 1 (100 percent). The default setting is 0.125 (12.5 percent).
Page 105
GlobalRatio Located in the LargeMemPool, MessageCache, SegmentsPool, and SmallMemPool containers. Description This tag specifies the percentage of the message cache to be consumed by the free list on a global basis. When more free memory is available to a thread than the specified ratio, the freed memory will return to the operating system.
Page 106
Syntax <HostPort>[<ip>][:<port>]</HostPort> HTTP Container tag. Description The tags nested within the container configure the HTTP connector, which is used by HTTP remote Flash Player sites to access Flash Media Server. The following reference table gives the default values for all thread configurations. Default Value Description Allocates the default number of threads.
Page 107
Description The tags nested within the LargeMemPool container configure the large memory pool, which caches large chunks of memory within Flash Media Server to increase performance of large allocations. Contained tags FreeMemRatio FreeRatio GlobalRatio MaxAge MaxCacheSize MaxUnitSize UpdateInterval See also containers MessageCache SegmentsPool...
Page 108
Mask A three-digit octal value used by the Linux umask (user permissions mask) command to set a file creation mask. The user must enter the mask in a three-digit octal format. The default setting for this tag is in octal. Description This tag is applicable for Flash Media Server running on Linux systems only.
Page 109
Description This tag defines the maximum size of the cache in megabytes. The default is 100 MB. See also MaxCacheUnits MaxCacheUnits Located in the LargeMemPool, MessageCache, SegmentsPool, and SmallMemPool containers. Description This tag defines the maximum number of free units in the cache. Keep in mind that the number of free units may be less than maximum if the value of the limit is MaxCacheSize...
Page 110
MaxIOThreads Located in the ACCP, Admin, Core, ECCP, Edge, HTTP, and RTMP (Connector) containers. Description This tag specifies the maximum number of threads that can be created for I/O processing. Use the following information to configure all I/O and connection threads processing: A value of 0 allocates the default number of threads (10).
Page 111
MaxUnitSize Located in the LargeMemPool, MessageCache, SegmentsPool, and SmallMemPool containers. Description This tag specifies the threshold of the maximum message size to get back into the cache. The size is specified in kilobytes. The default size is 16K. MaxWaitTime Description This tag defines the maximum time in milliseconds that the client should wait for additional FPAD responses from the proxy servers.
Page 112
Description This tag specifies the minimum number of threads in the pool for I/O operations. The default is 1 times the number of processors. To use the default, specify the value 0. See also MaxConnectionThreads MinIOThreads This tag is located in the , and ACCP Admin...
Page 113
MyZone This tag specifies the zone that the edge or proxy server belongs to when it broadcasts a FPAD message. The message includes the cluster ID that the proxy or edge server belongs to. Description Other edge servers in the cluster will add this edge when its zone is one of their allowed zones. Proxies respond only to other proxies with the same cluster ID.
Page 114
<Allow>foo.macromedia.com,10.41.1.55</Allow> <Deny>all</Deny> <Order>Deny,Allow</Order> This example instructs Flash Media Server not to process any requests except for those from the computer named foo.macromedia.com and the computer with the IP address 10.41.1.55: <Allow>all</Allow> <Deny>10.41</Deny> <Order>Allow,Deny</Order> This example specifies that server will accept and process all requests except those coming from computers that match the IP address 10.41.x.x:...
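The two Allow/Deny/Order examples above can be checked with a small evaluator. This is an added example, not Macromedia's code: it assumes the Apache-style reading in which `Deny,Allow` accepts by default and `Allow,Deny` rejects by default, that a partial IP address matches on whole octets, and that a domain name covers every host inside it.

```python
"""Evaluate Flash Media Server style Allow/Deny/Order lists (added example)."""


def _entry_matches(entry: str, host: str, ip: str) -> bool:
    """Return True if one comma-delimited list entry covers the client."""
    entry = entry.strip().lower().rstrip(".")
    if not entry:
        return False
    if entry == "all":
        return True
    parts = entry.split(".")
    if all(p.isdigit() for p in parts):
        # Full or partial IP address: compare whole octets, never raw string
        # prefixes, so "10.41" covers 10.41.x.x but not 10.410.x.x.
        return ip.split(".")[: len(parts)] == parts
    # Host name or domain name: exact match, or any host inside the domain
    # (assumption; the manual only says the list may hold domain names).
    host = host.strip().lower().rstrip(".")
    return host == entry or host.endswith("." + entry)


def _in_list(value: str, host: str, ip: str) -> bool:
    return any(_entry_matches(e, host, ip) for e in value.split(","))


def is_allowed(allow: str, deny: str, order: str, host: str, ip: str) -> bool:
    """Decide whether a client (reverse-resolved host, IPv4 address) is accepted."""
    in_allow = _in_list(allow, host, ip)
    in_deny = _in_list(deny, host, ip)
    sequence = [s.strip().lower() for s in order.split(",")]
    if sequence == ["deny", "allow"]:
        # Deny is applied first and Allow can re-admit: accept by default.
        return in_allow or not in_deny
    if sequence == ["allow", "deny"]:
        # Allow is applied first and Deny has the last word: reject by default.
        return in_allow and not in_deny
    raise ValueError(f"unsupported Order value: {order!r}")


# The two policies shown in the manual text above.
ONLY_LISTED = ("foo.macromedia.com,10.41.1.55", "all", "Deny,Allow")
ALL_BUT_10_41 = ("all", "10.41", "Allow,Deny")

if __name__ == "__main__":
    # Constructed client identities, not taken from the manual.
    clients = [
        ("foo.macromedia.com", "192.0.2.10"),
        ("unknown.example.net", "10.41.1.55"),
        ("unknown.example.net", "10.41.7.9"),
        ("unknown.example.net", "10.410.0.1"),
    ]
    for host, ip in clients:
        print(host, ip,
              "only-listed:", is_allowed(*ONLY_LISTED, host, ip),
              "all-but-10.41:", is_allowed(*ALL_BUT_10_41, host, ip))
```

Host-name entries depend on how the server resolves the client's address, so IP entries are the more predictable control.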
Page 115
Contained tags containers ACCP ECCP RTMP (Protocol) ProxyInfo This tag specifies the host (or IP) and port to return to the client in the response to a FPAD message. Description The value for this tag must match the value for one of the HostPort tags in the Adaptor.xml file.
Page 116
RTMP (Connector) Flash Media Server uses two container tags named RTMP: one nested within the Connector container, and the other nested within the Protocol container. Container tag located in the Connector container. Description This container holds the tags that configure RTMP (Real-Time Messaging Protocol). RTMP is the protocol used for communication between users (typically Flash Player users) and Flash Media Server.
Page 117
See also container. RTMP (Connector) Connector Scope This tag determines whether to write a separate log file for each virtual host or to write one log file for the server. Description The value for this tag is . The default is , which enables logging for all server vhost...
Page 118
Contained tags , and AdminServer AutoDiscovery Logging Mask Process ResourceLimits containers ServerDomain This tag specifies the host name (with the domain) of the server computer. Description You set this tag in the referrer header tag when a connection is established with a remote server using .
Page 119
SocketGC Description This tag specifies in seconds how often Flash Media Server checks for and removes inactive sockets. The default value is 60 seconds. Located in the containers. AdminServer ResourceLimits SocketOverflowBuckets This tag specifies the number of overflow buckets if all slots in the socket table are in use. Description The default number of buckets is 16.
Page 120
The following is a quick-start to enable SSL connections with Flash Media Server. Specify the location of the certificate in the SSLCertificateFile tag. If the private key file is encrypted, specify the passphrase to use for decrypting the private key file in the tag.
Page 121
To import these certificates, run FMSmaster > Console > Initialize [directory]. This action imports all current certificates into a certs directory in the Flash Media Server installation directory. When verifying a certificate, Flash Media Server will look for trusted root certificates in the file specified by the SSLCACertificateFile tag or in the directory specified by the...
Page 122
The cipher list consists of one or more cipher strings separated by colons. Commas or spaces are also acceptable separators but colons are normally used. The cipher string can take several different forms. It can consist of a single cipher suite such as RC4-SHA. It can represent a list of cipher suites containing a certain algorithm, or cipher suites of a certain type.
These cipher strings instruct Flash Media Server to accept only RSA key exchange, and refuse export or null encryption. The server evaluates both strings as equivalent. <SSLCipherSuite>ALL:+HIGH:+MEDIUM:+LOW:+EXP:+NULL</SSLCipherSuite> This cipher list instructs the server to accept all ciphers, but order them in order of decreasing strength.
Page 124
Encryption Methods Description IDEA IDEA encoding NULL No encryption All export ciphers (40 bit encryption) Low-strength ciphers (no export, DES) MEDIUM 128-bit encryption HIGH Triple-DES encoding Digest Types Description MD5 hash function SHA1 SHA1 hash function SHA hash function Additional Aliases Description All ciphers SSLv2...
Page 125
SSLRandomSeed This tag specifies the number of bytes of entropy to use for seeding the pseudo-random number generator (PRNG). Description Entropy is a measure of randomness. The more entropy, the more random are the numbers that the PRNG will generate. The default number of bytes to specify for this tag is 16. Specifying a larger number for this tag provides improved randomness and therefore better security, but the larger number may noticeably affect the server’s performance.
Page 126
Description Certificate verification is enabled by default. To disable certificate verification, set the value for this tag to “false”. <SSLVerifyCertificate>false</SSLVerifyCertificate> Disabling certificate verification can result in a security hazard. See also SSLVerifyDepth SSLVerifyDepth This tag specifies the maximum depth in the certificate chain from which Flash Media Server will accept certificates.
Page 127
This tag specifies in seconds how often to broadcast a keep-alive message to other edges in the cluster, and how often another edge should expect to receive a keep-alive message from this edge. The default value is one second. Description If the other edges do not receive the keep-alive message within the specified limit, the FADP assumes that this edge server is not operating and removes it from the cluster.
Example <UserData> <foo>bar</foo> </UserData> The result for this subtag displays the following property: NetConnection.proxyInfo.foo = "bar". Users.xml file Users.xml is the configuration file for the Flash Media Admin Service users and is located at the root level of the conf directory. It contains the tags and information used to identify You edit...
Users.xml tag    Description
Allow (Users)    Defines the list of specific hosts from which the administrator can connect to Flash Media Admin Service.
Deny (HTTPCommands)    Lists the Flash Media Admin Service commands denied access via HTTP.
Deny (User)    Lists the specific hosts from which the administrator cannot connect to the Flash Media Admin Service.
Page 130
Using the value “All” for the Allow tag authorizes the administrator to use all HTTP commands. Macromedia does not recommend use of “all,” as it creates an opportunity for a security risk. See also in the HTTPCommands container; in the User...
Page 131
Media Admin Service. You restrict the administrator’s access by creating a comma-delimited list of those host names or domain names and/or (full or partial) IP addresses. Example <Deny>foo.yourcompany.com,macromedia.com,10.60.1.133,10.60</Deny> This example lists the computers sending connection requests that Flash Media Admin Service will not accept.
Page 132
Syntax <Enable>on</Enable> <Enable></Enable> HTTPCommands Container tag. Description This section contains the settings for those Flash Media Admin Service commands that can be accessed through HTTP. Contained tags Allow (HTTPCommands) Deny (HTTPCommands) Enable Order (HTTPCommands) Order (HTTPCommands) Flash Media Server uses two tags: one in the container, and the other in Order...
Page 133
Description This tag specifies the sequence in which Flash Media Server evaluates the tags Allow Deny for an administrator. Syntax <Order>Allow,Deny</Order> The default sequence means that administrative access is allowed unless the user Allow, Deny is specified in the list of commands and not in the list: Allow Deny...
Description You can identify multiple administrators for a virtual host by creating a profile for each administrator with the User, Password, Allow (Users), Deny (User), and Order (User) tags. Example <User name="jsmith"></User> Use the name attribute to identify the login name of a Flash Media Server administrator. UserList Container tag.
Summary of Logger.xml tags This table lists alphabetically the tags in the Flash Media Server Logger.xml configuration file. By default, the log files are located in the logs directory in the server installation directory.
Logger.xml tag    Description
Access    Container tag; contains tags to configure the Access log file settings.
Description of Logger.xml tags The following alphabetical list of Logger.xml tags contains additional information, including cross references to associated tags, syntax, and examples. Access Container tag. Description The tags nested within this container configure the Access log settings. Contained tags Delimiter EscapeFields Events...
Page 138
See also Directory EscapeFields QuoteFields Diagnostic Container tag. Description The tags in this section configure the diagnostic log file. Contained tags Directory Rotation Time Directory This tag specifies the directory where the log files are located. Description By default, the log files are located in the logs directory in the server installation directory. Located in containers Access...
Page 139
The unsafe characters are as follows: the space character; open or closed angle brackets (< >); a double quotation mark ("); the pound sign (#); the percent sign (%); open or closed curly braces ({ }); bars (|); caret (^); tilde (~); square brackets ([ ]); and apostrophe (`). See also Delimiter Directory...
Page 140
Event Category Description vhost-start application A virtual host has started. vhost-stop application A virtual host has stopped. The following events display a status code. Field Status Code Description connect-pending 100 Waiting for the application to authenticate. connect Successful connection. Application currently unavailable. Bad request;...
Page 141
The keyword * specifies that all fields are to be logged. Fields without data are left empty. Macromedia recommends that you include the following fields in the fields to be logged: the type, category, date, and time fields.
Page 142
Field    Event(s)    Description
x-mem-load    application    Memory usage (as reported by the getServerStats() method).
x-adaptor    application    Adaptor name.
x-vhost    application    Vhost name.
x-app    application    Application names.
x-appinst    application    Application instance names.
c-ip    application    Client IP address.
c-proto    application    Connection protocol: RTMP or RTMPT.
s-uri    application    URI of the Flash Media Server application.
Page 143
Field    Event(s)    Description
sc-stream-bytes    application    This field shows the number of bytes transferred from the server to the client per stream. To calculate the bandwidth usage per stream, subtract the sc-stream-bytes value in the play event from the sc-stream-bytes value in the stop event.
cs-uri-stem    application    Stem portion of s-uri (omitting query) field.
Page 144
Syntax access.[YYYYMMDDNN].log Example access.2005103043.log This example identifies version 43 of the access log file for October 10, 2005. History This tag specifies the maximum number of log files to keep. Description The files are named as access.01.log, access.02.log, access.03.log, and so on. The default number of files to retain is 5.
Page 145
See also ServerID MaxSize This tag specifies the maximum log file size in bytes. The default file size is 10240Kb, or approximately 1 Mb. Example <MaxSize>10240</MaxSize> See also Schedule QuoteFields Formatting tag. Specifies whether or not to use quotation marks to surround those fields in the log file that include a space.
Page 146
Description There are two types of scheduling: daily rotation and rotation that occurs when the log exceeds a specified length. Examples <Schedule type="daily"></Schedule> If the type attribute is daily, Flash Media Server rotates the log files every 24 hours. <Schedule type="hh:mm"></Schedule>...
Adaptor.xml file The Adaptor.xml file is the configuration file for individual network adaptors in Flash Media Server. It determines the number of threads that can be used by the adaptor, the communications ports that adaptor binds to, and the IP addresses or domains from which the adaptor can accept connections.
<HTTPIdent enable="false"></HTTPIdent>
<HTTPUserInfo enable="false"></HTTPUserInfo>
<Path></Path>
<MaxSize>100</MaxSize>
<UpdateInterval>5</UpdateInterval>
</Adaptor>
Summary of Adaptor.xml tags This table lists alphabetically the tags in the Flash Media Server Adaptor.xml configuration file.
Adaptor.xml tag    Description
Adaptor    Root tag; contains all the other adaptor configuration tags.
Allow    Identifies the specific hosts from which clients can connect to the server.
Page 149
Adaptor.xml tag    Description
MimeType    Specifies the default MIME type header sent on tunnel responses.
NeedClose    Specifies whether HTTP 1.0 non-keepalive connections are to be closed once the response is written.
NodeID    Specifies a unique node identification to support the implementation of load balancers.
Order    Specifies the order in which to evaluate the Allow and Deny tags.
Description The Allow tag is a comma-delimited list of host names or domain names, and/or full or partial IP addresses. Example <Allow>foo.yourcompany.com, macromedia.com, 10.60.1.133, 10.60</Allow> See also Deny Order Deny This tag identifies the hosts whose clients’ attempts to connect to the server(s) will be rejected.
Page 151
Description The following table identifies the attributes for the Enable tag and describes their effect.
Value    Description
true    Allow all HTTP tunneling connections.
false    Disallow all HTTP tunneling connections.
http1.1only    Allow only HTTP 1.1 tunneling connections.
keepalive    Allow HTTP 1.1 or HTTP 1.0 keepalive connections.
Although you can assign any port number for HTTP tunneling, there is a risk of conflict with another application that may be assigned to the same port.
Page 152
You can also bind to any IP by not specifying anything in front of the colon. This string instructs the adaptor to bind to any IP on ports 1935, 80, and 443. <HostPort>127.0.0.1</HostPort> If no colon is found in the HostPort string, the data is assumed to be an IP address and will bind to port 1935 as the default.
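The HostPort rules above (optional IP, optional colon, default port 1935) are easy to misread when auditing which sockets an adaptor exposes. The following parser is an added example, not part of the manual: it assumes that several ports are written as a comma-separated list after the colon, handles IPv4 only, and uses a constructed Adaptor.xml fragment as input.

```python
"""Parse Adaptor.xml HostPort values and list wildcard binds (added example)."""
import ipaddress
import xml.etree.ElementTree as ET

DEFAULT_PORT = 1935  # port the manual says is used when no port is given


def parse_hostport(value: str):
    """Parse '[<ip>][:<port>]' into a list of (ip_or_None, port) bindings.

    ip_or_None is None when nothing precedes the colon, i.e. "any IP".
    """
    ip_text, colon, port_text = value.strip().partition(":")
    ip_text = ip_text.strip()
    ip = None
    if ip_text:
        # Raises ValueError for anything that is not a dotted IPv4 address.
        ip = str(ipaddress.IPv4Address(ip_text))
    if not colon or not port_text.strip():
        # No colon (or nothing after it): assumed to fall back to 1935.
        return [(ip, DEFAULT_PORT)]
    bindings = []
    for token in port_text.split(","):  # comma-separated list is an assumption
        token = token.strip()
        # Any token that is not a plain port number is rejected, not guessed at.
        if not token.isdigit() or not 1 <= int(token) <= 65535:
            raise ValueError(f"invalid port {token!r} in HostPort {value!r}")
        bindings.append((ip, int(token)))
    return bindings


def wildcard_ports(adaptor_xml: str):
    """Return the sorted ports that a configuration binds on every interface."""
    ports = set()
    for element in ET.fromstring(adaptor_xml).iter("HostPort"):
        for ip, port in parse_hostport(element.text or ""):
            if ip is None or ip == "0.0.0.0":
                ports.add(port)
    return sorted(ports)


# Constructed sample: tag names from the manual, layout and values invented.
SAMPLE_ADAPTOR_XML = """
<Adaptor>
  <HostPort>:1935,80,443</HostPort>
  <HostPort>127.0.0.1</HostPort>
  <HostPort>10.60.1.133:8080</HostPort>
</Adaptor>
"""

if __name__ == "__main__":
    for text in (":1935,80,443", "127.0.0.1", "10.60.1.133:8080"):
        print(f"{text!r:22} -> {parse_hostport(text)}")
    print("ports reachable on any interface:", wildcard_ports(SAMPLE_ADAPTOR_XML))
```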
Page 153
HTTPIdent This tag configures the server to respond to or reject an HTTP identification request from a client. Example <HTTPIdent enable="true"></HTTPIdent> When the enable attribute is set to “true,” all tags within the HTTPIdent section are returned as a response. The entire response will be enclosed in <FCS></FCS> tags, which are...
Page 154
HttpUserInfo This tag specifies the physical location where the user-defined XML file is stored in the server. Description By default the XML files are placed in the uInfo directory in the server installation directory. When the enable attribute is set to “true”, Flash Media Server responds to the HTTP...
Page 155
IdlePostInterval This tag specifies in milliseconds the interval at which the client sends idle posts to the server to indicate that Flash Player has no data to send. Description The default settings for the IdleAckInterval and IdlePostInterval tags provide medium latency and are set to 512/512 milliseconds. Low values reduce the latency but increase the network bandwidth overhead.
Page 156
Description Anomalous connections are closed after the specified wait time. The default wait time is 40 seconds. Example
<Edge name="Edge1">
  <Enable>true</Enable>
  <IdlePostInterval>512</IdlePostInterval>
  <IdleAckInterval>512</IdleAckInterval>
  <MimeType>application/x-fms</MimeType>
  <WriteBufferSize>16</WriteBufferSize>
  <SetCookie>false</SetCookie>
  <RedirectHost secure="false">:8080</RedirectHost>
  <NeedClose>true</NeedClose>
  <MaxWriteDelay>40</MaxWriteDelay>
</Edge>
You may want to use this sample code as a template for configuring each edge server. MimeType This tag specifies the default MIME (Multipurpose Internet Mail Extensions) type header sent on tunnel responses.
Page 157
Description If the NodeID tag is used, the following string of up to 9 characters is prefixed to the tunnel session IDs and can be used by the load balancers to uniquely identify each node in the cluster. The ID must contain URL safe characters except for '.' and '/', which are replaced by '_' and '-' respectively.
Page 158
See also MaxFailures Redirect This tag specifies whether or not the adaptor redirects unknown requests to an external server. For redirection to work, HTTP tunneling must be enabled. Description An unknown request may connect only when it is the first request on a newly accepted connection.
Page 159
Description Cookies are required when using load balancers to ensure that requests corresponding to one network connection are always sent to the same server. Keep in mind that the cookie adds to the HTTP header size and increases the bandwidth overhead. Container tag.
Page 160
SSLCACertificateKeyFile This specifies the location of the private key file that corresponds to the public key in the certificate specified in the SSLCertificateFile tag. Description If this file is encrypted, a password must be specified for decrypting, and placed in the tag described below.
Page 161
To prevent plain text passwords appearing in the configuration file, this can be specified by doing a base64 encoding on the password and setting the encrypt attribute to "true". Example <SSLPassPhrase encrypt="true">dGluY2Fu</SSLPassPhrase> The base64-encoded password is equivalent to the plaintext format: <SSLPassPhrase>tincan</SSLPassPhrase>...
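Because `encrypt="true"` only applies base64, anyone who can read the file recovers the passphrase without a key. The audit below is an added example, not Macromedia's tooling: it checks constructed configuration fragments for that setting, for `SSLVerifyCertificate` set to false, and for cipher strings weaker than the default `SSLCipherSuite` value in this manual's Vhost.xml listing. The cipher check is a token-level heuristic and does not expand the list the way the SSL library does.

```python
"""Audit the SSL-related tags in FMS configuration fragments (added example)."""
import base64
import re
import xml.etree.ElementTree as ET

# Default SSLCipherSuite value shown in this manual's Vhost.xml listing.
PAGE_DEFAULT_CIPHERS = "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH"
# Classes that default string excludes, plus NULL ("No encryption" in the
# manual's alias table).
WEAK_CLASSES = {"ADH", "LOW", "EXP", "MD5", "NULL"}


def _tokens(cipher_string: str):
    # Colons are usual; the manual says commas and spaces are also accepted.
    return [t for t in re.split(r"[:, ]+", cipher_string.strip()) if t]


def _excluded(cipher_string: str):
    return {t[1:].upper() for t in _tokens(cipher_string) if t.startswith("!")}


BASELINE = _excluded(PAGE_DEFAULT_CIPHERS)  # {"ADH", "LOW", "EXP", "MD5"}


def audit_cipher_string(cipher_string: str):
    """Heuristic findings for one cipher string."""
    killed = _excluded(cipher_string)
    bare = {t.upper() for t in _tokens(cipher_string) if t[0] not in "!-+@"}
    findings = []
    if "ALL" in bare:
        findings += [f"ALL without !{c}" for c in sorted(BASELINE - killed)]
    findings += [f"{c} enabled by name" for c in sorted((bare & WEAK_CLASSES) - killed)]
    return findings


def recover_passphrase(encoded: str) -> str:
    """Reverse the encrypt="true" encoding: plain base64, no key involved."""
    return base64.b64decode(encoded.strip(), validate=True).decode("utf-8")


def audit(xml_text: str):
    """Return (tag, finding) pairs for the SSL tags found in one XML fragment."""
    results = []
    for element in ET.fromstring(xml_text).iter():
        text = (element.text or "").strip()
        if element.tag == "SSLPassPhrase" and text:
            if element.get("encrypt", "").lower() == "true":
                try:
                    length = len(recover_passphrase(text))
                    finding = f"base64 only: decodes to {length} characters with no key"
                except (ValueError, UnicodeDecodeError):
                    finding = "encrypt=true but value is not valid base64"
            else:
                finding = "passphrase stored in plain text"
            results.append((element.tag, finding))
        elif element.tag == "SSLVerifyCertificate" and text.lower() == "false":
            results.append((element.tag, "certificate verification disabled"))
        elif element.tag == "SSLCipherSuite" and text:
            results += [(element.tag, f) for f in audit_cipher_string(text)]
    return results


# Constructed fragments: tag names and values come from the manual, the
# surrounding layout is invented for the example.
SAMPLE_ADAPTOR = """<Adaptor><SSL>
  <SSLPassPhrase encrypt="true">dGluY2Fu</SSLPassPhrase>
</SSL></Adaptor>"""
SAMPLE_VHOST = """<VirtualHost><Proxy><SSL>
  <SSLVerifyCertificate>false</SSLVerifyCertificate>
  <SSLCipherSuite>ALL:+HIGH:+MEDIUM:+LOW:+EXP:+NULL</SSLCipherSuite>
</SSL></Proxy></VirtualHost>"""

if __name__ == "__main__":
    for name, fragment in (("Adaptor.xml", SAMPLE_ADAPTOR), ("Vhost.xml", SAMPLE_VHOST)):
        for tag, finding in audit(fragment):
            print(f"{name}: {tag}: {finding}")
```

Since the encoding adds no secrecy, the protection for the key passphrase is the file-system permissions on the configuration file itself.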
Each virtual host must have its own directory inside the adaptor directory. The name of the directory must be the actual name of the virtual host, such as streaming.macromedia.com. Each defined virtual host must be mapped to a DNS [Domain Name Server] entry or another name resolution such as a WINS address or a hosts file, that specifies an IP address on the server computer.
<Proxy>
  <Mode></Mode>
  <Anonymous></Anonymous>
  <CacheDir enabled="false"></CacheDir>
  <LocalAddress></LocalAddress>
  <RouteTable protocol="">
    <RouteEntry></RouteEntry>
  </RouteTable>
  <SSL>
    <SSLVerifyCertificate>true</SSLVerifyCertificate>
    <SSLCACertificatePath></SSLCACertificatePath>
    <SSLCACertificateFile></SSLCACertificateFile>
    <SSLVerifyDepth>9</SSLVerifyDepth>
    <SSLCipherSuite>ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH</SSLCipherSuite>
  </SSL>
</Proxy>
</VirtualHost>
Summary of Vhost.xml tags The following list alphabetically displays the tags in the Vhost.xml configuration file.
Vhost.xml tag    Description
Alias    Specifies the assumed name(s) for the virtual host.
Container tag;...
Page 165
Vhost.xml tag    Description
LargeMemPool    Container tag; the tags in this section configure the small memory pool.
LocalAddress    Specifies a local IP Address for a proxy’s outgoing connection.
MaxAge    Specifies the maximum reuse count before freeing the cache unit.
MaxAppInstances    Specifies the maximum number of application instances that can be loaded onto the virtual host.
Page 166
Vhost.xml tag Description Container tag; the tags in this section configure this virtual host for secure communications. Specifies the name of a file that contains one or more CA SSLCACertificateFile certificates in PEM encryption format. Specifies the name of the directory containing one or more SSLCACertificatePath CA certificates.
Example <Alias name="abc">abc.macromedia.com</Alias> If the name of this virtual host is "abc.macromedia.com", but you wish to connect by simply specifying "abc", then specify the alias "abc". Keep in mind that "abc" must still map to the same IP address as "abc.macromedia.com".
Page 168
This example allows localhost connections only. <Allow>all</Allow> This example allows connections from all domains. Macromedia does not recommend the use of “all”; it may create a security risk. Anonymous This tag configures the virtual host as an anonymous proxy (also called an implicit or transparent proxy) or as an explicit proxy.
Page 169
The Applications directory is the base directory where all applications for this virtual host are defined. You define an application by creating a directory with the application name. In Windows, the default AppsDir location is C:\Program Files\Macromedia\Flash Media Server\applications On Linux, the default location is /opt/macromedia/fms/applications Example <AppsDir>C:\MyApps;D:\NewApps</AppsDir>...
Page 170
You can also specify multiple applications directories by separating locations with a semicolon (;). You can specify two locations, each of which contains application subdirectories. If you change the default location of the AppsDir tag, be sure to include a directory named admin in each directory.
Page 171
FreeMemRatio Located in LargeMemPool, MessageCache, SegmentsPool, and SmallMemPool containers. This tag specifies the maximum percentage of total memory that the total pool size may occupy. Description This tag’s setting ranges between 0 and 1. The default setting is 0.5. See also FreeRatio GlobalRatio...
Page 172
LargeMemPool Container tag. Description The Large Memory Pool caches large chunks of memory within Flash Media Server to increase performance of large allocations. Contained tags FreeMemRatio FreeRatio GlobalRatio MaxAge MaxCacheSize MaxCacheUnits MaxUnitSize UpdateInterval LocalAddress This tag binds a proxy's outgoing connection to a specific local IP address. Description The LocalAddress tag lets you allocate incoming and outgoing connections to different...
Page 173
A Flash SWF file defines which application instance it is connecting to by the parameters it includes with its ActionScript connect call. MaxCacheSize Located in LargeMemPool, MessageCache, SegmentsPool, and SmallMemPool containers. This tag specifies the size of the cache in megabytes. Description The default cache size is 100 megabytes.
Page 174
MaxStreams This tag specifies the maximum number of streams that can be created. Description The default number of streams is 250000. MaxUnitSize Located in LargeMemPool, MessageCache, SegmentsPool, and SmallMemPool containers. This tag specifies the size threshold for messages that can be returned to the cache. Description The threshold is specified in kilobytes.
Page 175
If the Mode tag is undefined, the virtual host is evaluated as an alias for the default virtual host and assumes its configuration. Syntax <Mode>local</Mode> See also Anonymous Proxy Proxy Container tag. Description The tags nested in this section configure this virtual host as a proxy server that can forward connection requests from applications running on one remote server to another remote server.
Page 176
RouteEntry This tag contains the routing information that instructs the proxy to forward the connection request to one server’s IP address and port number [host:port] to a different host:port Syntax <host1>:<port1>;<host2>:<port2> The syntax instructs a Flash Media Server proxy where to route the connection to host1:port1 host2:port2 Description...
Page 177
The example instructs Flash Media Server to use the values for host and port on the left side as the values for host and port on the right side, and to route connections destined for any host on any port to the same host on port 80. <RouteEntry>foo:80;null</RouteEntry>...
Page 178
You can override the security status for a connection mapping by specifying a protocol attribute in a RouteEntry tag. By default, Flash Media Server applies the protocol configured in the RouteTable list unless the mapping for a particular RouteEntry tag overrides it. Contained tag...
Page 179
Description If a virtual host is running in remote mode as a proxy or edge server and you want to configure the properties of an outgoing SSL connection to an upstream server, then you must enable this section and configure its SSL tags appropriately. When Flash Media Server acts as a client to make an outgoing SSL connection, the following sequence of events takes place: tags in the Vhost.xml file are evaluated first.
This example maps all streams whose names begin with foo/ to the physical directory c:\data. The stream named foo/bar would map to the physical file c:\data\bar.flv. If there is a stream named foo/bar/x then Flash Media Server first tries to find a virtual directory mapping for .
Page 181
For instance, the application developer might locate a stream encoded with the On2 codec in one folder and create a different folder for the same stream encoded with the Sorenson codec. Both streams have the same content, but each is tailored to replay on specific versions of Flash Player.
Page 182
If you are mapping a virtual directory to a drive on another computer, make sure that the computer running Flash Media Server has the right permissions to access the other computer. Syntax <VirtualDirectory> <Streams>key-value;virtual path;directory</Streams> </VirtualDirectory> You specify a virtual directory by mapping the client's virtual key to the resource’s actual key. Setting the key to point to the beginning of the value for the tag forces the virtual Streams...
VirtualKeys This tag sets the virtual key mappings for the different versions of Flash Player connecting to Flash Media Server. This tag and the VirtualDirectory tag implement the custom stream delivery feature in Flash Media Server 2. Description When the Flash Player running on a client connects to Flash Media Server, it receives a virtual key.
Page 184
Each virtual host can contain multiple Application.xml files. The Application.xml file in the virtual host directory configures the default settings for applications within the virtual host. If you want to have different settings for a particular application, create a specific Application.xml file in the application’s registered application directory (for example, ../applications/app_name) with the settings you want.
      <Bits></Bits>
    </UserAgent>
  </Client>
  <HTTP>
    <HTTP1_0></HTTP1_0>
    <Verbose></Verbose>
    <Connections>
      <MaxTimeout></MaxTimeout>
      <Reuse></Reuse>
      <Interface></Interface>
    </Connections>
    <Proxy>
      <Host></Host>
      <Port></Port>
      <Type></Type>
      <Tunnel></Tunnel>
      <Username></Username>
      <Password></Password>
    </Proxy>
    <Redirect>
      <Allow></Allow>
      <Max></Max>
      <UnrestrictedAuth></UnrestrictedAuth>
    </Redirect>
  </HTTP>
</Application>
Summary of Application.xml tags The following list alphabetically displays the tags in the Application.xml configuration file. Application.xml tag Description Container tag;...
Page 187
Application.xml tag    Description
Bandwidth    Container tag; contains tags to configure the bandwidth settings for server-client communications.
BandwidthCap    Container tag; contains tags that specify the maximum bandwidth values that a user can set.
Bits    Contains the settings for different versions of Flash Player on the Windows and Macintosh platforms.
Page 188
Application.xml tag    Description
HTTP1_0    Allows or disallows use of the HTTP 1.0 protocol.
HTTPTunnel    Container tag; contains tags to configure HTTP tunneling.
IdleAckInterval    Specifies the wait time before Flash Media Server responds to an idle post sent to it.
IdlePostInterval    Specifies the wait time before Flash Player sends an idle post message to Flash Media Server.
Page 189
Application.xml tag    Description
MimeType    Specifies the default MIME-type header sent on tunnel responses.
NotifyAudioStop    Specifies whether Flash Media Server is notified when an audio transmission ending on a stream is encountered.
Password    Specifies the password for connections to the proxy.
Specifies the proxy port to connect to if not specified.
Application.xml tag    Description
Tunnel    Specifies whether or not to tunnel all operations through a given HTTP proxy.
Type    Specifies the type of proxy being connected to.
UnrestrictedAuth    Allows or disallows sending username/password with each HTTP redirection.
UserAgent    Specifies the version dependency settings for clients that use different versions of Flash Player or platform.
Page 191
AllowHTTPTunnel This tag configures Flash Media Server to allow HTTP tunneling connections into this application. Description By default, Flash Player communicates with Flash Media Server using the RTMP protocol over port 1935. If that fails, it will try again over ports 443 and 80 in an attempt to get around firewall settings, which prevent TCP/IP connections over non-standard ports.
Page 192
AutoCommit Shared Objects are automatically committed when they have been changed. Description Setting this tag to false disables the Flash Player function for all shared objects within this instance. If the AutoCommit function is disabled, the server-side script has to call the save function...
Page 193
See also Bandwidth Bits This tag contains the settings for Flash Player on the Windows and Macintosh platforms. Examples <Bits from="WIN 6,0,0,0" to="WIN 7,0,55,0">0x01</Bits> <Bits from="MAC 6,0,0,0" to="MAC 7,0,55,0">0x01</Bits> See also UserAgent CachePrefix This tag specifies the cache prefix that is passed from the origin server to the proxy server. Description This tag is set on the origin server.
Page 194
By default, the prefix is set to ?IP?.
Cache prefix: Actual name
?IP?: IP address of the server
?APP?: Application name
?APPINST?: Application instance
?VHOST?: vhost name
You can include the IP address in the prefix to avoid file collision. For example, the proxy server might be connecting to two different origin servers with the same file in c:\data\foo.flv.
Page 195
Client
Container tag.
Description
The tags nested within this container configure the client.
Description
By default, the Client tag includes an override="no" parameter. Individual applications cannot override how the tags in the Client section are configured.
Contained tags
Access Bandwidth BandwidthCap HTTPTunnel UserAgent...
Page 196
CombineSamples
Container tag.
Description
Flash Media Server conserves system resources by combining sound samples. This strategy saves the CPU and bandwidth overhead when transmitting individual audio packets only. Use this strategy of combining sound samples advisedly during periods of high CPU usage, as it can induce latency.
Page 197
DuplicateDir (StreamsManager)
This is one of two tags named DuplicateDir in the Application.xml file. Located in the StreamManager container. This tag specifies the physical location where copies of recorded stream files are stored.
Description
This location serves as a backup for stream files. This location must already exist before a stream can be stored.
Page 198
FileObject
Container tag.
Description
The VirtualDirectory tag nested within this container configures the JSEngine file object settings.
Contained tags
VirtualDirectory

FolderAccess
This tag configures folder-level permissions for the functions readAccess writeAccess in the Access Module.
Description
By default, folder-level permission in the Access Module is set to false, which allows access permissions to be set at the single-file level.
Page 199
Example
<Host>myserver:8080</Host>
To specify the port number in this string, add :[port] to the end of the host name. The port number can also be specified in the Port tag.
See also
Port

HTTP
Container tag.
Description
The tags in this section configure the HTTP connection settings for this application.
Contained tags
containers;...
Page 200
The Application.xml configuration file offers three representative settings for these parameters. These settings recommend that you set the intervals to correspond to low, medium, or high latency. The following table presents these settings. Acceptable Latency IdlePostInterval IdleAckInterval 128 milliseconds 256 milliseconds 512 milliseconds 512 milliseconds Medium...
Page 201
The interval for an idle post ranges from 0 to 4064 milliseconds. If the IdlePostInterval tag is set to a value that lies outside of this range, the default value of 512 milliseconds is used. At times the server will not be able to send any data to the client for the selected duration.
Page 202
KeyFrameInterval
This tag defines how often to generate and save keyframes in an FLV file.
Description
Setting this tag to a higher value than the default reduces the number of keyframes added to the FLV file and thus reduces the file size. Setting a higher value for the interval, however, reduces the seeking accuracy.
Page 203
Description
Having an application instance loaded at server startup saves time when the first client connects to that application. The default value is false. If you set this tag to true, an instance of each application on the server will be loaded at startup.
Page 204
MaxCores
The value for this tag determines how many core processes can exist for an application.
Description
By default, the MaxCores functionality is disabled. The default value is zero.
See also
LifeTime, RollOver

MaxFailures
The value for this tag determines the maximum number of process failures that can occur before a core process is disabled.
Page 205
Description
This tag defines the maximum time for a transfer to be completed. The default time is 60 seconds. Operations such as DNS lookups may take more time. If this tag is set to too low a value, the risk of aborting correctly functioning operations increases.
See also in the container...
Page 206
NotifyAudioStop
Container tag.
Description
The Duration tag nested within this container determines whether or not Flash Media Server is notified when an audio transmission ending on a stream is encountered.
Example
<NotifyAudioStop enabled="false"></NotifyAudioStop>
Contained tag
Duration

Password
This tag specifies the password for connecting to the proxy.
See also Username Port...
Page 207
Proxy
Container tag.
Description
The tags nested within this container configure the HTTP Proxy settings.
Contained tags
Host, Password, Port, Tunnel, Type, Username

RecoveryTime
This tag specifies the recovery time for a core.
Description
Flash Media Server will not launch a core process until some minimum recovery time has elapsed.
Page 208
ResyncDepth
This tag instructs Flash Media Server to resynchronize a shared object file.
Description
The shared object is resynchronized when its version number is greater than the head version minus the current version. The default value, -1, sends a resynchronized version of the file with every connection.

Reuse
This tag configures whether or not Flash Media Server explicitly closes the HTTP connection...
Page 209
Description The default size is 1024 kilobytes, which is the equivalent of 1 megabyte. The lower and upper limits on the size of the JavaScript engine are 10 kilobytes and 51200 kilobytes, which is the equivalent of 50 megabytes. The default value applies when the engine size lies outside of these limits.
Page 210
SendSilence
Container tag.
Description
The Interval tag nested within this container configures the settings for sending silent messages.
Contained tag
Interval

ServerToClient (Bandwidth)
This is one of two tags named ServerToClient in the Application.xml file. Located in the Bandwidth container. This tag specifies the maximum bandwidth the server can use for sending data downstream to the client.
Page 211
SharedObjManager Container tag. Description The tags nested within this container configure the Shared Object Manager setting of an application. Contained tags AutoCommit DuplicateDir (StreamsManager) LockTimeout ResyncDepth StorageDir (StreamManager) StorageDir (SharedObjManager) There are two tags named in the Application.xml file; this one is in the StorageDir container.
Page 212
Set this tag only when the files for recorded streams must be stored in a location other than the application directory.
See also
DuplicateDir (StreamsManager)

StreamManager
Container tag.
Description
The tags in this section configure the Stream Manager settings for this application.
Contained tags container Audio...
Page 213
UnrestrictedAuth
This tag determines whether or not to allow sending the username/password combination with each HTTP redirect.
Description
Sending the username/password combination is useful only if the Allow tag permits redirections. The default setting is true.

UserAgent
Container tag.
Description
The settings for clients vary according to whether the Flash Player platform is Windows or Macintosh.
Page 214
Syntax
<VirtualDirectory><virtual dir>;<actual dir></VirtualDirectory>

WriteBuffSize
This tag specifies in kilobytes the size of the write buffer.
Description
The default size is 16KB.
CHAPTER 4
Flash Media Server Security
Macromedia Flash Media Server 2 will typically be used in a network environment where many users will have access to it; by changing its configuration, you can make the server accessible from within a private network, from the public Internet, or both. When deploying any server technology, you should consider the implications to both the security of your internal network and the accessibility of the server’s host computer.
Page 216
Edit the security tags in the configuration files
Utilize the limits that can be set in the server’s configuration files. Use the following tags in the configuration files to enhance the server’s security:
Server.xml file
The HostPort tag nested in the AdminServer container allows you to specify the port of your choice for connecting to the Admin service with the management console.
Page 217
StreamManager container let you specify the locations for storing streams and shared objects. You can store them in locations outside the applications directory in the Macromedia Flash Media Server directory, if you wish.
The Bandwidth tag groups let you specify the maximum amount of data that an application can send and receive.
About authentication and authorization
To authenticate (validate) administrators, Flash Media Server employs several layers of host-based user security. (Host-based security refers to security measures that are implemented in the server software itself.) When a user tries to connect to the management console with an administrator user name and password, the server uses the layers of settings in its configuration files to determine whether the connection should be allowed.
Macromedia Flash client application. One version might be a chat participant version; another might be a chat moderator version, with additional functionality built in, such as the ability to edit users’...
Secure script loading
The Flash Media Server script security model enables one to limit the exposure to potentially malicious or buggy third-party code that may be included on the server side. An example would be an extensible application where users could download third-party plug-ins or components, then load or evaluate them in the application.
// available globally as idGen.
global.idGen = protectObject( idgen );
// Make idGen non-enumerable, read-only and permanent
setAttributes( global, "idGen", false, true, true );
When normal script loading begins, idGen will be available as a global object that cannot be compromised by any script loaded directly or indirectly from main.asc.
Example...
Permissions levels
Flash Media Server does not use explicit levels of privileges, but provides a way for the application developer to implement system objects that the application code cannot compromise. Privileged access is simply the capability to directly access these special objects. These system objects could be compromised if a system call explicitly evaluates randomly accessed code on the caller's behalf.
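The protection described above can be illustrated in standard JavaScript, as an added example that is not code from the manual: a frozen facade is used in place of protectObject, and Object.defineProperty mirrors the setAttributes call with its non-enumerable, read-only, permanent flags. The helper names protect, publish and runUntrusted, the scope object and the id generator are hypothetical; Flash Media Server's own functions are not used here.

```javascript
// Privileged implementation; its counter must stay out of reach of plug-ins.
function makeIdGenerator() {
  return {
    next: 0,
    generate() { this.next += 1; return 'id-' + this.next; },
  };
}

// Hypothetical stand-in for the role protectObject plays on the page:
// expose only the listed methods through a frozen facade; the real object
// lives in the closure and is never handed out.
function protect(target, methodNames) {
  const facade = Object.create(null);
  for (const name of methodNames) {
    facade[name] = (...args) => target[name](...args);
  }
  return Object.freeze(facade);
}

// Mirrors setAttributes(global, "idGen", false, true, true):
// non-enumerable, read-only, permanent.
function publish(scope, name, value) {
  Object.defineProperty(scope, name, {
    value, enumerable: false, writable: false, configurable: false,
  });
}

// Constructed "third-party" code: tries four ways to tamper with the
// published object and returns the attempts that raised a TypeError.
function runUntrusted(scope) {
  'use strict'; // failed writes throw instead of being silently ignored
  const blocked = [];
  const attempt = (label, fn) => {
    try { fn(); } catch (e) { if (e instanceof TypeError) blocked.push(label); }
  };
  attempt('replace', () => { scope.idGen = { generate: () => 'id-0' }; });
  attempt('delete', () => { delete scope.idGen; });
  attempt('patch', () => { scope.idGen.generate = () => 'id-0'; });
  attempt('reset', () => { scope.idGen.next = 0; });
  return blocked;
}

function demo() {
  const scope = {}; // plays the role of `global` in main.asc
  publish(scope, 'idGen', protect(makeIdGenerator(), ['generate']));
  const first = scope.idGen.generate();
  const blocked = runUntrusted(scope);
  const second = scope.idGen.generate(); // counter was not reset
  return { first, blocked, second, visible: Object.keys(scope) };
}
```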
Page 223
Asynchronous system calls
In Flash Media Server, application developers can implement asynchronous system calls, where the caller is unprivileged and relies on a system call to set up and complete the call. The callback must remain unprivileged. This coding is useful when a system object is trying to wrap and hide a network connection.
Choosing passwords
When choosing passwords, remember to make them as secure as possible. The following guidelines can help you create more secure passwords:
The minimum length of a password should be 7 characters.
Passwords should not contain your user name or any part of it (for example: Jane, Doe, Jdoe).
When you configure this module, you can use the sample DLL authentication supplied by Macromedia or apply your own authentication mechanism to intercept and examine connection attempts to Flash Media Server. Access DLL...
Page 226
Access DLL APIs
Access DLL provides the following APIs:
AccessAdaptor
API name: Description
getVersion: Returns the version of the Access module.
getDescription: Returns a description of the Access module.
onAccess: Callback; this API is activated when a connection is attempted to Flash Media Server.
Page 227
API name: Description
setReadAccess: Sets the read access for a client. The Access string is configured as JavaScript's client.readAccess. The second parameter is a Boolean value with its default as true. This Boolean value, if true, will block user scripts from changing this value.
Sample Adaptor.cpp file
Here is an excerpt from the Adaptor.cpp file that you can modify to fit your local authentication profile. Adaptor.cpp is a C++ file that contains the code for the Access DLL module. The corresponding file on Linux systems is called Makefile.access.
void SampleAdaptor::onAccess(IFCAccess* pAccess)
{
    switch(pAccess->getType())
    {
        case IFCAccess::CONNECT:...
        default:
            // We really shouldn't get here!
            fprintf( stderr, "SampleAdaptor: Unknown access event!\n" );
            //pAccess->reject("why not");
            // As written, an unknown event type is accepted; the reject call above is commented out.
            pAccess->accept();
    }
}
Developing secure applications
If you develop Flash Media Server applications, you can use SSL (Secure Sockets Layer) and other secure development practices to ensure the security of your applications and the data they use.
Configure the adaptor to listen on a secure port.
If you need a secure connection, configure the adaptor for the application to listen on a secure port by setting the secure attribute to true in the HostPort tag in the Adaptor.xml file. Be aware that you can assign only one virtual host to an adaptor that listens on a secure port, and you must specify the IP...
Send sensitive data via HTTPS
If you need to send sensitive data such as credit card information, you can use HTTPS to communicate simultaneously between your Flash client application and a separate application server that processes the data. To do this, use the ActionScript getURL command.
If the Flash Media Server and an application server are both behind a firewall, they can communicate with each other and no outside party can eavesdrop on the data to gain access to private information. You can also configure a firewall to provide additional protection against outside attacks. For example, if the server is being flooded by a particular IP or range of IP addresses, you can configure the firewall to ignore messages from those IP addresses.